Secjuice Squeeze 63
Welcome to the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly curated for you every week. This week's volume was curated by Secjuice writers Andy74, Prasanna, Tony Kelly, Sinwindie, Mars Groves, Ross Moore, Nishith K, Devesh Chande, and Alesanco.
In this edition, we have news articles, blog posts, and learning.
News
Serious Vulnerability In Facebook Could Allow Deleting Live Videos
A serious vulnerability in the Facebook platform could allow an attacker to delete Live Videos. The researcher who found this flaw also detected two more bugs affecting Facebook Live Videos and business pages.
Read more at latesthackingnews.com
Emotet Malware Destroys Itself From All Infected Computers
Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation.
Read more at thehackernews.com
Cybercriminals evolving their tactics to exploit collective human interest
Phishing activity increased significantly in the first few months of 2020, as cybercriminals continue evolving their tactics.
Read more at helpnetsecurity.com
Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant’s Surgery
A couple needed to raise funds to cover the costs of their daughter's upcoming heart surgery. This security researcher found a serious bug, and then donated part of the bounty to support the family.
Read more at vice.com
Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software
The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.
Read more at threatpost.com
Hackers Threaten to Leak D.C. Police Informants' Info If Ransom Is Not Paid
The Metropolitan Police Department (MPD) of the District of Columbia became the latest high-profile government agency to fall victim to a ransomware attack.
Read more at thehackernews.com
DigitalOcean says customer billing data accessed in data breach
The data breach happened between April 9-22.
Read more at techcrunch.com
Confused Feds Subpoena Signal for Data It Doesn't Collect
For the second time in several years, Signal has been subpoenaed by federal investigators for data that the encrypted chat app company doesn’t actually collect.
Read more at gizmodo.com
Microsoft Office 365 phishing evades detection with HTML Lego pieces
A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely.
Read more at bleepingcomputer.com and scmagazine.com
Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses
Apple has released a patch for a zero-day vulnerability in its macOS systems that could allow attackers to bypass anti-malware protections set in place.
Read more at oodaloop.com
ToxicEye RAT is Exploiting Telegram Platform
Private messaging app Telegram is being exploited by cyberattackers who are delivering a ToxicEye RAT to take control over a hacker-operated Telegram account and leak critical data.
Read more at cyware.com
Several High-Severity Vulnerabilities Expose Cisco Firewalls to Remote Attacks
Cisco this week released patches for multiple vulnerabilities in Firepower Threat Defense (FTD) software, including high-severity issues that could be exploited for arbitrary command execution or denial-of-service (DoS) attacks.
Read more at securityweek.com
Researchers Uncover Stealthy Linux Malware That Went Undetected for 3 Years
A previously undocumented Linux malware with backdoor capabilities has managed to stay under the radar for about three years, allowing the threat actor behind the operation to harvest and exfiltrate sensitive information from infected systems.
Read more at thehackernews.com
Two in five victims of online scam adverts don’t report to host platforms
The reactive approach taken by the world’s biggest online platforms to tackle fraudulent adverts allows harmful scams to slip through the net, Which? research suggests.
Read more at which.co.uk
The ransomware surge ruining lives
A coalition is calling for action from governments as victims describe crippling cyber-attacks.
Read more at bbc.com
Vivaldi update unleashes the 'Cookie Crumbler' to simply block any services asking for consent (sites may break)
Plus: Browser sends Google's FLoC straight to the blacklist.
Read more at theregister.com
Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.
Read more at bleepingcomputer.com
Ransomware attack hits Washington, D.C. police department
The attack was reportedly pulled off by the Babuk gang, which has already leaked screenshots of some of the stolen data.
Read more at techrepublic.com
Microsoft Warns of Malware Delivery via Google URLs
A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan.
Read more at darkreading.com
Tesla Car Hacked Remotely From Drone via Zero-Click Exploit
Researchers show how Tesla cars could have been hacked remotely, from a drone, without any user interaction.
Read more at securityweek.com
QNAP warns of AgeLocker ransomware attacks on NAS devices
QNAP customers are once again urged to secure their Network Attached Storage (NAS) devices to defend against Agelocker ransomware attacks targeting their data.
Read more at bleepingcomputer.com
A Rust-based Buer Malware Variant Has Been Spotted in the Wild
There is now a new Buer malware variant written in Rust programming language.
Read more at thehackernews.com
Serious XXE Vulnerability In WordPress Allowed Stealing Files
Exploiting the XXE vulnerability in WordPress 5.7 required running PHP 8 with authenticated remote access. Patch deployed with WP 5.7.1.
Read more at latesthackingnews.com
New Attacks Slaughter All Spectre Defenses
The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks against chip architecture? It's bound for the dustbin.
Read more at threatpost.com
Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
Researchers warned that unpatched versions of HPE’s Edgeline Infrastructure Manager are open to remote authentication-bypass attacks.
Read more at threatpost.com
Apple reports 2 iOS 0-days that let hackers compromise fully patched devices
WebKit flaws in the just-released iOS 14.5 let attackers execute malicious code.
Read more at arstechnica.com
N3TW0RM ransomware emerges in wave of cyberattacks in Israel
A new ransomware gang known as 'N3TW0RM' is targeting Israeli companies in a wave of cyberattacks starting last week.
Read more at bleepingcomputer.com
PoC exploit released for Microsoft Exchange bug discovered by NSA
Technical documentation and proof-of-concept exploit (PoC) code has been released for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines.
Read more at bleepingcomputer.com
Python also impacted by critical IP address validation vulnerability
Python 3.3 standard library 'ipaddress' suffers from a critical IP address vulnerability (CVE-2021-29921) identical to the flaw that was reported in the "netmask" library earlier this year.
Read more at bleepingcomputer.com
New Pingback Malware Using ICMP Tunneling to Evade C&C Detection
New Pingback Malware Utilizes ICMP Tunneling Technique to Avoid C&C Detection.
Read more at thehackernews.com
Microsoft Found ‘BadAlloc’ Memory Allocation Flaws In IoT Devices
BadAlloc is a family of 25 different flaws affecting IoT devices from multiple domains. The vendors have fixed the bugs; users should update as soon as possible.
Read more at latesthackingnews.com
New FluBot Android Banking Trojan Spread Via SMS Phishing
FluBot Android banking trojan campaigns are active in Europe and the UK, with the potential to spread to the US as well.
Read more at latesthackingnews.com
Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.
Read more at threatpost.com
New Study Warns of Security Threats Linked to Recycled Phone Numbers
An academic study has found that using recycled mobile phone numbers could lead to a variety of cyberattacks.
Read more at thehackernews.com
Anti-Spam WordPress Plugin Could Expose Website User Data
'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100K sites – and could offer up sensitive info to attackers who aren't even logged in.
Read more at threatpost.com
Qualcomm vulnerability impacts nearly 40% of all mobile phones
A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations.
Read more at bleepingcomputer.com
Cisco bugs allow creating admin accounts, executing commands as root
Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts.
Read more at bleepingcomputer.com
VMware fixes critical RCE bug in vRealize Business for Cloud
VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers.
Read more at bleepingcomputer.com
The Fortnite Trial Is Exposing Details About the Biggest iPhone Hack on Record
As part of the trial against Epic Games, Apple released emails that show that 128 million users, of which 18 million were in the U.S., downloaded apps containing malware known as XCodeGhost from the App Store.
Read more at vice.com
Blogs
Passwordstate Supply Chain Attack Exposes 29K Companies to the Risk of Compromise
Passwordstate was hijacked to deliver data-stealing malware in a supply chain attack. Protect your company infrastructure with detection rules from SOC Prime.
Read more at socprime.com
VB6 P-Code Obfuscation
Code obfuscation is one of the cornerstones of malware. The harder code is to analyze the longer attackers can fly below the radar and hide the full capabilities of their creations. Code obfuscation techniques are very old and take many many forms from source code modifications, opcode manipulations, packer layers, virtual machines and more.
Read more at decoded.avast.io
RedLine Stealer Masquerades as Telegram Installer
Redline Stealer hides in an installer for Telegram to install a malicious payload that exfiltrates data.
Read more at blog.minerva-labs.com
Sharing Documents via SharePoint Is Always a Good Idea: Not always…
This phishing campaign targets O365 users and includes a convincing SharePoint document requiring an email signature…urgently.
Read more at cofense.com
Standardizing Automated Security Testing for IoT: Bluetooth LE (BLE)
The current state of security for Bluetooth Low Energy (BLE) and IoT is quite poor. See how we plan to solve that with automated testing.
Read more at nowsecure.com
UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat
Mandiant has observed financially motivated UNC2447 exploiting a SonicWall VPN zero-day vulnerability and deploying ransomware.
Read more at fireeye.com
RotaJakiro: A long live secret backdoor with 0 VT detection
On March 25, 2021, 360 NETLAB's BotMon system flagged a suspicious ELF file (MD5=64f6cfe44ba08b0babdd3904233c4857) with 0 VT detections. The sample communicates with 4 domains on TCP 443 (HTTPS), but the traffic is not TLS/SSL. A close look at the sample revealed it to be a backdoor targeting Linux x64 systems, from a family that has been around for at least 3 years.
Read more at blog.netlab.360.com
Hackers Abuse Excel 4.0 Macros to Deliver ZLoader & Quakbot Malware
Excel 4.0 macros are being continuously adapted by threat actors. Recently, experts have detected hackers abusing Excel 4.0 macros to deliver ZLoader and Quakbot.
Read more at gbhackers.com
Mobile Apps Exposing AWS Keys Affect 100M+ Users’ Data
0.5% of Mobile Apps on the Internet Expose AWS API Keys.
Read more at bevigil.com
Firebase Domain Front - Hiding C2 as App traffic
In our recent project, we were able to disguise ourselves as legitimate mobile traffic and bypass a lot of traffic filters.
Read more at redteam.cafe
The Instagram ads Facebook won't show you
Companies like Facebook aren’t building technology for you, they’re building technology for your data. They collect everything they can from FB, Instagram, and WhatsApp in order to sell visibility into people and their lives.
Read more at signal.org
A massive DDoS knocked offline Belgian government websites
A massive distributed denial of service (DDoS) attack hit most of the Belgian government's IT network, shutting down government websites; according to the media, the attack also knocked internal systems offline.
Read more at securityaffairs.co
An APT with no name
When the 7th July indictment was released naming two Chinese hackers affiliated with the Guangdong State Security Department, it grabbed our interest.
Read more at intrusiontruth.wordpress.com
Roaming Mantis Amplifies Smishing Campaign with OS-Specific Android Malware
The Roaming Mantis smishing campaign has been impersonating a logistics company to steal SMS messages and contact lists from Asian Android users.
Read more at mcafee.com
Crane horror Reg reader uses his severed finger to unlock Samsung Galaxy phone
On the other hand he was fine.
Read more at theregister.com
Domain Hijacking Via Logic Error - Gandi And Route 53 Vulnerability
On 12 February 2021, Cyberis identified a weakness in the domain transfer processes of Gandi which allowed any Nominet registry domain (including .co.uk and org.uk domains) registered with Gandi to be transferred out of the owner’s control and into the control of an arbitrary AWS Route 53 account, without any authorisation being provided by the owner of the domain.
Read more at cyberis.co.uk
Learning
Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
A newly-discovered NTLM relay attack makes every Windows system vulnerable to an escalation of privileges attack, and there's no patch in sight.
Learn more at labs.sentinelone.com